
I've been through so many forum topics in the past 24 hours, all over the internet. Spybot S&D, etc. etc. etc.... except that I contracted a severe strain of this virus which does not even let me download .exe's!

You've probably heard of XP Antivirus before.

So I went on another computer on my home network, downloaded several .exe's there, moved them to my computer, and finally got a Spybot scan to run. 6 entries found for XPAntivirus 2008 and fixed without hassle. Used a "Move on Boot" tool to clear out the folder in Program Files, and cleared the registry as well as a hidden little .exe in system32.

I'm still having problems with browsing the internet however... Google search redirects to bogus pages (now go.google.com/?* gives me a 403 error, which is a little better). It's also extremely slow and some font sizes are strange. I've been able to get on google using http://sureproxy.com. Odd font sizes, slow browsing, and problems with scripts (as well as problems with local clients that access the internet) are still giving me loads of issues though.

Here are the diagnostics you guys need:

Windows Malicious Software tool finds nothing.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:46 PM, on 8/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\toshiba\ivp\ism\pinger.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Pidgin\pidgin.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\RAMASST.exe
C:\greenshot\Greenshot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\windows-kb890830-v2.1.exe
c:\6e6731600b6584fcc28c4f85a543a3\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Internet Explorer\Iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [NVRotateSysTray] rundll32.exe C:\WINDOWS\system32\nvsysrot.dll,Enable
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NDSTray.exe] C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [TFncKy] C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Greenshot.lnk = C:\greenshot\Greenshot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1201301464241
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1201301561538
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 10294 bytes

Uninstall_list.txt (HijackThis):

Adobe Flash Player Plugin
Adobe Reader 7.0.5
Adobe Shockwave Player
AOL Coach Version 2.0(Build:20041026.5 en)
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
Audacity 1.2.4
avast! Antivirus
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
BitComet 0.70
Bluetooth Stack for Windows by Toshiba
Bonjour
CD/DVD Drive Acoustic Silencer
Civilization IV - Warlords
Collab
Compatibility Pack for the 2007 Office system
Dawn of War - Dark Crusade
DawnOfWar
Dev-C++ 5 beta 9 release (4.9.9.2)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD-RAM Driver
DVDx
FileZilla Client 3.0.10
Finale NotePad 2008
FL Studio 8
FL Studio v7.0
Freelancer
GiPo@MoveOnBoot 1.9.5
Google Earth
Google Toolbar for Internet Explorer
GTK+ Runtime 2.12.1 rev b (remove only)
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
Hydrogen
IL Download Manager
Intel(R) PRO Network Connections Drivers
Intel(R) PROSet/Wireless Software
InterVideo WinDVD Creator 2
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
LapLink USB Network cable adapter
LG USB Drivers
LimeWire 4.12.6
LinPlug SaxLab
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Magic Workstation 0.94f
Malwarebytes' Anti-Malware
mCore
mDrWiFi
Metamail (Toshiba Registration Utility)
mHelp
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
mIWA
mLogView
mMHouse
Mono for Windows 1.9.1
Mozilla Firefox (2.0.0.16)
mPfMgr
mPfWiz
mProSafe
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mXML
mZConfig
Notepad++
NVIDIA Drivers
Office 2003 Trial Assistant
Pidgin
Pinnacle VideoSpin
PoiZone
Project64 1.6
QuickTime
RealPlayer
Realtek AC'97 Audio
Realtek High Definition Audio Driver
sat_screensaver_30mb
SD Secure Module
Sea3D
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Sibelius Scorch
Sid Meier's Civilization 4
Skype™ 3.8
SmartFTP Client 2.0
SmartFTP Client 2.0 Setup Files (remove only)
Software Suite
Sonic DLA
Sonic RecordNow!
Steam
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA SD Memory Card Format
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Toxic Biohazard
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Viewpoint Media Player
VOB2MPG 2.5
VST Bridge 1.0
Winamp (remove only)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
winLAME prerelease4
WinRAR archiver
Xfire (remove only)

Malwarebytes is still running but I highly doubt it'll find anything, I've run it already. I will post logs up when the current thorough scan is complete if they help. I'm posting this as well from a different computer as the virus is not permitting the entry form for posting a new thread to submit.


Malwarebytes found 26 items - have not taken action on any of these items as of yet

Malwarebytes' Anti-Malware 1.25
Database version: 1092
Windows 5.1.2600 Service Pack 2

2:21:38 PM 8/28/2008
mbam-log-08-28-2008 (14-21-35).txt

Scan type: Full Scan (C:\|)
Objects scanned: 168691
Time elapsed: 54 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Packages (Rogue.Multiple) -> No action taken.

Files Infected:
C:\WINDOWS\system32\blphc7sfj0eg4n.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\clbcat.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\phc7sfj0eg4n.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphc7sfj0eg4n.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Dyl Hsu\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.

Re-run the Malwarebytes program again and allow it to fix everything it finds.
Also run the online ESET Scanner and allow it also to fix all it finds. Note* You must use Internet Explorer for the ESET scanner.
Post back here with both logs.


Did a boot fix of Malware and running the scan again...

However, when I try to open Internet Explorer, the process IEXPLORE.EXE shows up in the Task Mngr's list of processes, but then immediately vanishes. Is there an alternative to the ESET scanner?

If it helps, I've also run Avast! scans.


As I sit here waiting for scan results I am surprised to say that the problems seem to have vanished upon that first Malwarebytes scan, however, the second scan still has found infection and the TrendMicro scan is not done. I'll follow up shortly, thanks for all the help - hopefully I'm nearly done with this pesky virus.

Malwarebytes' Anti-Malware 1.25
Database version: 1092
Windows 5.1.2600 Service Pack 2

2:39:33 PM 8/28/2008
mbam-log-08-28-2008 (14-39-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 168691
Time elapsed: 54 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 11
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\rhc3sfj0eg4n\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\blphc7sfj0eg4n.scr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clbcat.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\phc7sfj0eg4n.bmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pphc7sfj0eg4n.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Dyl Hsu\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

TrendMicro is stuck at 1 and 1/4 minutes left but hopefully it will give me logs sooner or later.
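
Added example, not part of any post in this thread: a small Python parser for the Malwarebytes log format shown above that sorts each detection by the action the scanner reported, so entries still marked "Delete on reboot" or "No action taken" stand out before the machine is considered clean. The sample text is a few entries excerpted from the two logs posted in the thread; the function and variable names are illustrative assumptions.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "section object detection action")

# A section header is "<Something> Infected:" with nothing after the colon;
# the summary lines ("Files Infected: 12") carry a count and are skipped.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+) Infected:\s*$")
# A detection line is "<path or key> (<detection name>) -> <action>."
ENTRY_RE = re.compile(
    r"^(?P<object>.+) \((?P<detection>[^()]+)\) -> (?P<action>.+?)\.?\s*$"
)

# Excerpts from the two logs in this thread (first scan, then the re-run).
FIRST_SCAN = r"""
Files Infected: 12

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.

Files Infected:
C:\WINDOWS\system32\clbcat.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
"""

SECOND_SCAN = r"""
Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\clbcat.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> Delete on reboot.
"""


def parse_mbam_log(text):
    """Return one Entry per detection line, tagged with its log section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("section")
            continue
        hit = ENTRY_RE.match(line)
        if hit and section:
            entries.append(Entry(section, hit.group("object"),
                                 hit.group("detection"), hit.group("action")))
    return entries


def triage(entries):
    """Bucket detections by what the scanner says it did with them."""
    buckets = {"removed": [], "pending_reboot": [], "untouched": [], "other": []}
    for e in entries:
        action = e.action.lower()
        if "reboot" in action:
            buckets["pending_reboot"].append(e)
        elif "no action" in action:
            buckets["untouched"].append(e)
        elif "quarantined" in action or "deleted" in action:
            buckets["removed"].append(e)
        else:
            buckets["other"].append(e)   # unknown wording: review by hand
    return buckets


def unaccounted(before, after):
    """Detections from the earlier scan that the later log never mentions."""
    seen = {e.object.lower() for e in after}
    return [e for e in before if e.object.lower() not in seen]


if __name__ == "__main__":
    first, second = parse_mbam_log(FIRST_SCAN), parse_mbam_log(SECOND_SCAN)
    result = triage(second)
    for name, items in result.items():
        print(f"{name}: {len(items)}")
    for e in result["pending_reboot"]:
        print("needs reboot + rescan:", e.object)
    for e in unaccounted(first, second):
        print("missing from re-run log:", e.object)
```

Anything left in `pending_reboot` or `untouched` means the cleanup is not finished; reboot and scan again until both buckets are empty.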
